From 429632d32c4ef37be45c4f29e36a5954f5ffefd8 Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Fri, 29 Oct 2021 11:55:36 -0700 Subject: [PATCH] ipn/ipnlocal: treat js/wasm interative logins as ephemeral for now At least until js/wasm starts using browser LocalStorage or something. But for the foreseeable future, any login from a browser should be considered ephemeral as the tab can close at any time and lose the wireguard key, never to be seen again. Updates #3157 Change-Id: I6c410d86dc7f9f233c3edd623313d9dee2085aac Signed-off-by: Brad Fitzpatrick --- ipn/ipnlocal/local.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go index b0a1a0f09..c2f6b4e81 100644 --- a/ipn/ipnlocal/local.go +++ b/ipn/ipnlocal/local.go @@ -1508,7 +1508,15 @@ func (b *LocalBackend) StartLoginInteractive() { if url != "" { b.popBrowserAuthNow() } else { - cc.Login(nil, controlclient.LoginInteractive) + flags := controlclient.LoginInteractive + if runtime.GOOS == "js" { + // The js/wasm client has no state storage so for now + // treat all interactive logins as ephemeral. + // TODO(bradfitz): if we start using browser LocalStorage + // or something, then rethink this. + flags |= controlclient.LoginEphemeral + } + cc.Login(nil, flags) } }